<?php defined('BASEPATH') OR exit('No direct script access allowed');
/*
	Blog_auth.php
	created on: 11-10-2011
	This class is to checks user authentication
	
*/

class Auth{
	private $CI;
	//constructor
	function __construct()
	{
		//load all neccessary libray
		$this->CI =& get_instance();
		$this->CI->load->config('blog_auth', TRUE);
		$this->CI->load->library('ion_auth');
		$this->CI ->load->library('session');
		$this->CI ->load->library('form_validation');
		$this->CI ->load->database();
		$this->CI ->load->helper('url');
		
		//load configuration items
		$this->unauthorized_page=$this->CI->config->item('unauthorized_page','blog_auth');
		
		
	}

	//function authenticate, check whether user has privileges to access
	function authenticate()
	{
		
		if (!$this->ion_auth->logged_in())
		{
			//redirect them to the login page
			redirect($this->unauthorized_page, 'refresh');
		}else{
			$this->load->model('privileges_model');
			//set the flash data error message if there is one
			$this->data['message'] = (validation_errors()) ? validation_errors() : $this->session->flashdata('message');
			//list the users
			$this->data['user'] = $this->ion_auth->user()->row();
			$roleid=$this->data['user']->group_id;
			$this->data["role"]=$this->role_model->getValue('name','id='.$roleid);
			
			//get current controller name
			$contName=$this->uri->segment(1);	
			//get privileges
			$privileges=$this->privileges_model->privileges;
			$allow=true;
			foreach($privileges as $privilege):
				if($privilege->get_controller() == $contName){
					$allow=false;
					$allowedRoles=$privilege->get_allowedRoles();
					foreach($allowedRoles as $role):
						if($roleid == $role) $allow=true;
					endforeach;
				}
			endforeach;
			if(!$allow)redirect($this->unauthorized_page,'refresh');
		}
	}

	//log the user in
	function login()
	{
		$this->data['title'] = "Login";

		//validate form input
		$this->form_validation->set_rules('identity', 'Identity', 'required');
		$this->form_validation->set_rules('password', 'Password', 'required');

		if ($this->form_validation->run() == true)
		{ //check to see if the user is logging in
			//check for "remember me"
			$remember = (bool) $this->input->post('remember');

			if ($this->ion_auth->login($this->input->post('identity'), $this->input->post('password'), $remember))
			{ //if the login is successful
				//redirect them back to the home page
				$this->session->set_flashdata('message', $this->ion_auth->messages());
				redirect($this->config->item('base_url'), 'refresh');
			}
			else
			{ //if the login was un-successful
				//redirect them back to the login page
				$this->session->set_flashdata('message', $this->ion_auth->errors());
				redirect('auth/login', 'refresh'); //use redirects instead of loading views for compatibility with MY_Controller libraries
			}
		}
		else
		{  //the user is not logging in so display the login page
			//set the flash data error message if there is one
			$this->data['message'] = (validation_errors()) ? validation_errors() : $this->session->flashdata('message');

			$this->data['identity'] = array('name' => 'identity',
				'id' => 'identity',
				'type' => 'text',
				'value' => $this->form_validation->set_value('identity'),
			);
			$this->data['password'] = array('name' => 'password',
				'id' => 'password',
				'type' => 'password',
			);

			$this->load->view('auth/login', $this->data);
		}
	}

	//log the user out
	function logout()
	{
		$this->data['title'] = "Logout";

		//log the user out
		$logout = $this->ion_auth->logout();

		//redirect them back to the page they came from
		redirect('auth', 'refresh');
	}

}
